Microsoft Updates Windows, RDP, IE, in August Patch Tuesday

Microsoft released nine security bulletins for August's release, of which five were rated as critical and four as important, the company said in its Patch Tuesday notification advisory. The critical bulletins addressed remote code execution flaws in Windows Common Controls, Windows Networking Components, Remote Desktop Protocol on Windows XP systems, and Internet Explorer, as well as a zero-day vulnerability in libraries used by Microsoft Exchange Server.

Microsoft released nine security bulletins for August's release, of which five were rated as critical and four as important, the company said in its Patch Tuesday notification advisory. The critical bulletins addressed remote code execution flaws in Windows Common Controls, Windows Networking Components, Remote Desktop Protocol on Windows XP systems, and Internet Explorer, as well as a zero-day vulnerability in libraries used by Microsoft Exchange Server.

This month's updates "include patches to new problems, updates to old problems and something that may cause more work than you may have been anticipating this month," said Paul Henry, security and forensics analyst at Lumension.

Protect Your Exchange ServerThe remote code execution vulnerability fixed in MS12-058 involves how the Outlook Web Application (OWA) parses attachments for viewing via the WebReady Document Viewing component in Microsoft Exchange Server, according to an analysis of the patches by Trustwave SpiderLabs. The flaw is actually in "Oracle Outside In" custom libraries that Microsoft licenses from Oracle. The update replaces the vulnerable libraries with a patched version.

This flaw has already been publicly disclosed, but the vulnerability "never went anywhere in the exploit community," said Andrew Storms, director of security operations at nCircle.

Don't Click That LinkOne of the high priority bulletins (MS12-060) addresses an ActiveX component affecting all versions of Windows. While the issue was previously patched in April, it turned out the issue was more widespread and affected back office core systems, Storms said. There are actually two different versions of the patch, depending on which version of SQL Server is installed on the system.

Microsoft said it has seen limited targeted attacks exploiting this vulnerability in the wild.

Users have to explicitly open a specially-crafted RTF file for the attack on this vulnerability to succeed, Storms said. If organizations can't apply this patch immediately, they "should remind users about the dangers of opening attachments from unknown persons," Storms said.

XP's Remote Desktop DangerXP users running remote desktop protocol for any reason need to make MS12-053 a priority as well. This remote code execution flaw does not require any authentication. "If you don't need remote desktop on your server disable it," Trustwave said. If RDP is required but the patch can't be applied immediately, "at least block port 3389 at the firewall" to help against remote attacks, according to Trustwave.

Attack on Windows NetworkingThe critical update for Windows Networking Components (MS12-054) contains a print spooler bug and is "potentially wormable," according to Storms. This issue would predominately affect small business and campus locations where Windows computers are configured in workgroups, Storms said.

Are You Using Internet Explorer?Microsoft has been updating Internet Explorer every month recently, and August is no exception. MS12-052 is a cumulative update for Internet Explorer and fixes four separate critical issues involving remote code execution. Some of the bugs can be triggered by visiting a specially crafted website.

Organizations that can't apply this patch immediately or don't want to, can limit their risk exposure by setting the browser's security zone to "High," according to Trustwave. This blocks ActiveX controls and adds trusted sites to the IE Trusted Sites zone. IE can either prompt for, or disable, any Active Scripting, Trustwave added.

Important PatchesImportant bulletins include an elevation of privilege issue for Microsoft Windows (MS12-055), a kill bit update for JavaScript (MS12-056), and two remote code execution issues in Microsoft Office (MS12-057) and Visio (MS12-059).

Fahmida Y. Rashid is a senior analyst for business at PCMag.com. She focuses on ways businesses can use technology to work efficiently and easily. She is paranoid about security and privacy, and considers security implications when evaluating business technology. She has written for eWEEK, Dark Reading, and SecurityWeek covering security, core Internet infrastructure, and open source.
Follow me on Twitter: zdfyrashid
More »